Composition and Policy Direction of Compensation Insurance Against Customer Information Infringements in Financial Transactions

  • Kim, Jong Hwan (CIST (Center for Information Security and Technologies), Korea University)
  • Lim, Jong In (CIST (Center for Information Security and Technologies), Korea University)
  • Received : 2014.04.28
  • Accepted : 2014.06.16
  • Published : 2014.08.31

Abstract

Personal information is a prerequisite for financial transactions as well as a core asset of financial companies. However, as a side effect of the information society, personal information infringements have emerged as a significant social risk, causing actual losses to individuals and companies. This study analyzes, from the perspective of consumer loss, the financial and emotional losses that personal information infringements have caused in the financial sector, and presents the usefulness of insurance as a means of risk transfer to minimize such actual damages. In addition, this study examines the components and premium calculation principles of compensation insurance against personal information infringements and finally proposes policies to promote such insurance products. As a method of risk management, insurance is not only a useful tool to guarantee consumer protection and companies' financial soundness simultaneously but also provides a basis for the quantitative measurement of IT risks.
